Programmatically adding a self-signed certificate to a keystore/truststore

Problem description:

I saw this question (and others) where it is explained how to add a (self-signed) certificate to your keystore/cacerts manually by using the command line. When doing this, you can set up a secured connection with a server without a signed certificate, if you were given the certificate (.cert file). This can be useful for testing purposes.

I would like to program this, so users don't need to do this manually. The basic concept would be the following: The user has a local copy of the .cert file, and gives my program the path to where that file resides in his file system. My program fetches the file and adds it to the keystore.

My question is: how to add this certificate to the keystore within my program, so that the trustmanager will accept it as a trustworthy/signed certificate, given the (path) to the .cert file? Are there any tutorials or code snippets regarding this problem?

PS: I do NOT need the "accept all certificates" trustmanager trick as described here

Fairly simple:

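InputStream input = ...;  // stream over the user-supplied certificate file
CertificateFactory factory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) factory.generateCertificate(input);
KeyStore keystore = ...;  // the keystore/truststore to add the entry to
keystore.setCertificateEntry(alias, cert);  // alias: unique name for this entry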

Loading and storing the keystore is evident from the javadoc: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html